Real-Time Monitoring of Cable Sag and Overhead Power Line Parameters Based on a Distributed Sensor Network and Implementation in a Web Server and IoT.

Based on the need for real-time sag monitoring of Overhead Power Lines (OPL) for electricity transmission, this article presents the implementation of a hardware and software system for online monitoring of OPL cables. The mathematical model based on differential equations and the methods of algorithmic calculation of OPL cable sag are presented. Considering that, based on the mathematical model presented, the calculation of cable sag can be done in different ways depending on the sensors used, and the presented application uses a variety of sensors. Therefore, a direct calculation is made using one of the different methods. Subsequently, the verification relations are highlighted directly, and in return, the calculation by the alternative method, which uses another group of sensors, generates both a verification of the calculation and the functionality of the sensors, thus obtaining a defect observer of the sensors. The hardware architecture of the OPL cable online monitoring application is presented, together with the main characteristics of the sensors and communication equipment used. The configurations required to transmit data using the ModBUS and ZigBee protocols are also presented. The main software modules of the OPL cable condition monitoring application are described, which ensure the monitoring of the main parameters of the power line and the visualisation of the results both on the electricity provider's intranet using a web server and MySQL database, and on the Internet using an Internet of Things (IoT) server. This categorisation of the data visualisation mode is done in such a way as to ensure a high level of cyber security. Also, the global accuracy of the entire OPL cable sag calculus system is estimated at 0.1%. Starting from the mathematical model of the OPL cable sag calculation, it goes through the stages of creating such a monitoring system, from the numerical simulations carried out using Matlab to the real-time implementation of this monitoring application using Laboratory Virtual Instrument Engineering Workbench (LabVIEW).

System for the Acquisition and Monitoring of Energy Consumption in the Context of Industry 4.0.

This paper examines methodologies for monitoring energy consumption and operational parameters of an industrial assembly line, with a particular emphasis on the utilization of virtual tools, augmented reality, and real-time data visualization. The research examines the integration of an interface and the implementation of a data acquisition system, employing augmented reality to facilitate interaction with the collected data. The proposed system employs the Node-RED interface to facilitate the establishment of connections between constituent elements. The data is stored in a database, which provides support for decision-making in the analysis of energy consumption and operational parameters of the industrial assembly line. The results demonstrate that the solution is effective in enhancing energy resource management, identifying inefficiencies, and optimizing the performance of industrial equipment. The findings indicate that the implementation of such a system can markedly enhance the industrial process.

Modbus Extension Server Implementation for BIoT-Enabled Smart Switch Embedded System Device.

The industrial control and automation sector has invested in the development and standardization of new wireless (WirelessHART, ISA 100.11a, and WIA-PA) and wired (Profibus/Profinet, Modbus, and LonWORK) solutions aimed at automating processes to support standard monitoring and control functions from the perspective of addressing critical applications, as well as those integrated within the Building Internet of Things (BIoT) concept. Distributed data acquisition and control systems allow modern installations to monitor and control devices remotely. Various network protocols have been proposed to specify communication formats between a client/gateway and server devices, with Modbus being an example that has been widely implemented in the latest industrial electrical installations. The main contribution made in this paper concerns the completion of the Modbus Extension (ModbusE) specifications for the server station in the classical Modbus communication architecture, as well as their implementation and testing in an STM32F4 kit. A general-purpose control architecture is proposed for BIoT sector, comprising both intelligent touch switches and communication protocols of which the Modbus protocol is used extensively for the monitoring and control part, especially between clients, smart switches, and devices. The specific contributions concern the presentation of a scientific and practical implementation of improved specifications and their integration as software modules on ModbusE protocol server stations. A client station with a VirtualComm USB PC connection is also implemented in the lab to test the operation of the proposed server with specific Modbus applications.

Enhancing Cybersecurity in Distributed Microgrids: A Review of Communication Protocols and Standards.

The effective operation of distributed energy sources relies significantly on the communication systems employed in microgrids. This article explores the fundamental communication requirements, structures, and protocols necessary to establish a secure connection in microgrids. This article examines the present difficulties facing, and progress in, smart microgrid communication technologies, including wired and wireless networks. Furthermore, it evaluates the incorporation of diverse security methods. This article showcases a case study that illustrates the implementation of a distributed cyber-security communication system in a microgrid setting. The study concludes by emphasizing the ongoing research endeavors and suggesting potential future research paths in the field of microgrid communications.

Enhanced Modbus/TCP Security Protocol: Authentication and Authorization Functions Supported.

The Zero Trust concept is being adopted in information technology (IT) deployments, while human users remain to be the main risk for operational technology (OT) deployments. This article proposes to enhance the new Modbus/TCP Security protocol with authentication and authorization functions that guarantee security against intentional unauthorized access. It aims to comply with the principle of never trusting the person who is accessing the network before carrying out a security check. Two functions are tested and used in order to build an access control method that is based on a username and a password for human users with knowledge of industrial automation control systems (IACS), using simple means, low motivation, and few resources. A man-in-the-middle (MITM) component was added in order to intermediate the client and the server communication and to validate these functions. The proposed scenario was implemented using the Node-RED programming platform. The tests implementing the functions and the access control method through the Node-RED software have proven their potential and their applicability.

Experimental Implementation and Performance Evaluation of an IoT Access Gateway for the Modbus Extension.

This paper presents the relevant aspects regarding the experimental implementation and performance evaluation of an Internet of things (IoT) gateway for the Modbus extension. The proposed Modbus extension specifications are extended by defining the new optimized message format, and the structure of the acquisition cycle for obtaining a deterministic temporal behavior and solutions are presented for the description of devices at the MODBUS protocol level. Three different implementations are presented, and the Modbus extension's performance is validated regarding the efficiency in the use of the acquisition cycle time. The software and hardware processing time and the importance and effect of the various components are analyzed and evaluated. They all support the implementation of an Internet of things gateway for Modbus extension. This paper introduces solutions for the structure of the acquisition cycle to include other valuable extensions, discusses the performance of a real implementation in the form of a gateway, adds new features to the Modbus extension specification, and strengthens some of the existing ones. In accordance with the novelty and contribution of this paper to the field of local industrial networks, the results obtained in the analysis, testing, and validation of the Modbus extension protocol refer to the extending of the Modbus functions for industrial process monitoring and control management.

Modbus Access Control System Based on SSI over Hyperledger Fabric Blockchain.

Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over hyperledger fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.

TTAS: Trusted Token Authentication Service of Securing SCADA Network in Energy Management System for Industrial Internet of Things.

The vigorous development of the Industrial Internet of Things brings the advanced connection function of the new generation of industrial automation and control systems. The Supervisory Control and Data Acquisition (SCADA) network is converted into an open and highly interconnected network, where the equipment connections between industrial electronic devices are integrated with a SCADA system through a Modbus protocol. As SCADA and Modbus are easily used for control and monitoring, the interconnection and operational efficiency between systems are highly improved; however, such connectivity inevitably exposes the system to the open network environment. There are many network security threats and vulnerabilities in a SCADA network system. Especially in the era of the Industrial Internet of Things, any security vulnerability of an industrial system may cause serious property losses. Therefore, this paper proposes an encryption and verification mechanism based on the trusted token authentication service and Transport Layer Security (TLS) protocol to prevent attackers from physical attacks. Experimentally, this paper deployed and verified the system in an actual field of energy management system. According to the experimental results, the security defense architecture proposed in this paper can effectively improve security and is compatible with the actual field system.

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid.

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

Vulnerability Mining Method for the Modbus TCP Using an Anti-Sample Fuzzer.

Vulnerability mining technology is used for protecting the security of industrial control systems and their network protocols. Traditionally, vulnerability mining methods have the shortcomings of poor vulnerability mining ability and low reception rate. In this study, a test case generation model for vulnerability mining of the Modbus TCP based on an anti-sample algorithm is proposed. Firstly, a recurrent neural network is trained to learn the semantics of the protocol data unit. The softmax function is used to express the probability distribution of data values. Next, the random variable threshold and the maximum probability are compared in the algorithm to determine whether to replace the current data value with the minimum probability data value. Finally, the Modbus application protocol (MBAP) header is completed according to the protocol specification. Experiments using the anti-sample fuzzer show that it not only improves the reception rate of test cases and the ability to exploit vulnerabilities, but also detects vulnerabilities of industrial control protocols more quickly.

System of Sensors and Actuators for the Production of Water Used in the Manufacture of Medicines.

This paper presents the development and implementation of a centralized industrial network for an automatic purified water production system used in the pharmaceutical industry. This implementation is part of a project to adapt an industrial plant to cope with advances in industrial technology to achieve the level of Industry 4.0. The adequacy of the instruments and the interconnection of the controllers made it possible to monitor the process steps by transforming a manual plant, with discontinuous production into an automated plant, improving the efficiency and quality of the produced water. The development of a supervisory system provides the operator with a panoramic view of the process, informing in real-time the behavior of the variables in the process steps, as well as storing data, event history and alarms. This system also prevented the collection of erroneous or manipulated data, making the process more transparent and reliable. Accordingly, we have been able to tailor this water treatment plant to operate within the minimum requirements required by the regulator.

A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach.

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

Cryptographic Considerations for Automation and SCADA Systems Using Trusted Platform Modules.

The increased number of cyber threats against the Supervisory Control and Data Acquisition (SCADA) and automation systems in the Industrial-Internet-of-Things (IIoT) and Industry 4.0 era has raised concerns in respect to the importance of securing critical infrastructures and manufacturing plants. The evolution towards interconnection and interoperability has expanded the vulnerabilities of these systems, especially in the context of the widely spread legacy standard protocols, by exposing the data to the outside network. After gaining access to the system data by launching a variety of attacks, an intruder can cause severe damage to the industrial process in place. Hence, this paper attempts to respond to the security issue caused by legacy structures using insecure communication protocols (e.g., Modbus TCP, DNP3, S7), presenting a different perspective focused on the capabilities of a trusted platform module (TPM). Furthermore, the intent is to assure the authenticity of the data transmitted between two entities on the same (horizontal interoperation) or different (vertical interoperation) hierarchical levels communicating through Modbus TCP protocol based on functionalities obtained by integrating trusted platform modules. From the experimental results perspective, the paper aims to show the advantages of integrating TPMs in automation/SCADA systems in terms of security. Two methods are proposed in order to assure the authenticity of the messages which are transmitted, respectively the study presents the measurements related to the increased time latency introduced due to the proposed concept.

Easy Handling of Sensors and Actuators over TCP/IP Networks by Open Source Hardware/Software.

There are several specific solutions for accessing sensors and actuators present in any process or system through a TCP/IP network, either local or a wide area type like the Internet. The usage of sensors and actuators of different nature and diverse interfaces (SPI, I2C, analogue, etc.) makes access to them from a network in a homogeneous and secure way more complex. A framework, including both software and hardware resources, is necessary to simplify and unify networked access to these devices. In this paper, a set of open-source software tools, specifically designed to cover the different issues concerning the access to sensors and actuators, and two proposed low-cost hardware architectures to operate with the abovementioned software tools are presented. They allow integrated and easy access to local or remote sensors and actuators. The software tools, integrated in the free authoring tool Easy Java and Javascript Simulations (EJS) solve the interaction issues between the subsystem that integrates sensors and actuators into the network, called convergence subsystem in this paper, and the Human Machine Interface (HMI)-this one designed using the intuitive graphical system of EJS-located on the user's computer. The proposed hardware architectures and software tools are described and experimental implementations with the proposed tools are presented.